> I'm running the main dns on Linux, the secondary is out of my network (it is
> managed by an ISP provider).
> I set up my primary server to not allow zone transfer at all because I want
> that the changes made in primary will reflect on secondary, but any
> modification to secondary server must not be transferred to primary.
> Is this setting good??

I think you want:

    allow-transfer { ip_of_secondary; };

As long as you don't specifically configure your server to be a slave for a
domain, there is no way that bind will modify the data in your master zone, so
I think your concern is misplaced here.

> How it is possible to force a zone transfer??

Increment the serial number and wait at least your SOA refresh time limit.
Zone transfers are pulled, not pushed. If you had access to the secondary, you
could "ndc reload zone".

You can set the refresh as low as you like for testing, but be considerate of
the ISP doing your slaving and set it back to something reasonable (see RFC
1537 for recommendations) when done testing.

-- 
Unix Systems Engineer              VOICE: +1 864 331 8181
NuVox Communications, Inc.         FAX:   +1 864 331 1466
301 North Main Street, Ste 5000    EMAIL: dnedved@nuvox.net
Greenville, SC 29601 USA           PAGER: pagenedved@nuvox.net
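The two conditions discussed in this reply (the secondary must be listed in allow-transfer, and the serial must have been incremented) can be modelled as below. This is an added example, not part of the original message and not BIND's code; the addresses and serials are constructed, and the ACL model is a simplification that assumes only plain addresses, prefixes, `any` and `none` (no negation, keys or named ACLs).

```python
import ipaddress

MOD = 1 << 32    # SOA serials are 32-bit values
HALF = 1 << 31

def serial_newer(primary: int, secondary: int) -> bool:
    """RFC 1982 comparison: True when the primary's serial is ahead."""
    return 0 < (primary - secondary) % MOD < HALF

def acl_permits(acl, client: str) -> bool:
    """Simplified allow-transfer match list: first matching entry decides."""
    addr = ipaddress.ip_address(client)
    for entry in acl:
        if entry == "none":
            return False
        if entry == "any":
            return True
        if addr in ipaddress.ip_network(entry, strict=False):
            return True
    return False    # nothing matched, so the transfer is refused

def refresh_outcome(acl, secondary_ip, primary_serial, secondary_serial) -> str:
    """What happens when the secondary's SOA refresh timer fires."""
    # The secondary first compares serials; this SOA query is not
    # governed by allow-transfer.
    if not serial_newer(primary_serial, secondary_serial):
        return "up-to-date: no transfer requested"
    # Only then does it request the zone, and the primary applies the ACL.
    if not acl_permits(acl, secondary_ip):
        return "refused: secondary not in allow-transfer"
    return "transfer"

if __name__ == "__main__":
    SECONDARY = "192.0.2.53"    # constructed documentation address
    cases = [
        ("transfers disabled, serial bumped", ["none"], 2002010802, 2002010801),
        ("secondary listed, serial unchanged", [SECONDARY], 2002010801, 2002010801),
        ("secondary listed, serial bumped", [SECONDARY], 2002010802, 2002010801),
    ]
    for label, acl, p_serial, s_serial in cases:
        print(f"{label}: {refresh_outcome(acl, SECONDARY, p_serial, s_serial)}")
```
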